In Production

Security Advisories Database: Reducing IT Support Burden Through Self-Service

Designing a searchable database for partners to track and navigate product vulnerabilities confidently

My Role
UX Lead

Problem Definition
Information Architecture
Interaction Design
Visual Design
Prototyping
Stakeholder Alignment

Team
Manager - Security Engineering
Senior Director - Web Marketing Technology
Senior Manager - Web PM
Product Owner

Timeline & Status
2 Month, In progress

Overview

Following SolarWinds' 2020 security breach, users struggled to find CVE information across two fragmented sources—internal CVEs on an unsearchable page, third-party CVEs buried in support articles. The security team asked to combine them, but I identified the real problem: discoverability. I designed a searchable, filterable database with industry-standard nomenclature and severity coding—going beyond the ask to make critical security data accessible to all users. The solution impressed stakeholders enough to showcase to leadership before development began.

Context

Post-Breach Transparency

Following SolarWinds' 2020 security breach, transparency around vulnerabilities became a non-negotiable business priority. Users needed confidence that they could quickly verify CVE impact on their products—but the existing fragmented approach undermined that trust.

The Challenge

Command F is no way to search
Technically, yes—it works. But for a table spanning six columns and dozens of entries updated several times a month, it wasn’t scalable. Users needed exact phrasing to find results, and even then, multiple hits meant scanning line by line.

Out of sight, out of mind
Third-party CVEs lived as isolated KB articles—unannounced, unsearchable, and disconnected from the main index. With no centralized database or visibility, customers didn’t even know these advisories existed. Finding them meant guessing keywords or paging through unrelated search results.

Okay… but which CVEs should I care about?
Severity scores (e.g., 5.3 vs 5.6 — both “High”) offered little real-world meaning. Users couldn’t distinguish between internal CVEs that required action and external ones that posed no risk.

Index search iterations

Solution

Centralized all CVEs (internal + 3rd party) in one searchable hub

Streamlined Discovery - Added horizontal filtering and sorting to help users quickly find relevant vulnerabilities by product, severity, or date.

Visual Differentiation System - Introduce clear visual cues (color, icons, and new internal “SWSA” codes) to distinguish SolarWinds advisories from third-party ones.

Outcome & Next Steps

The project is currently on hold pending prioritization, but upon launch, I recommended tracking the page for three months to measure:

Decrease in support cases related to 3rd-party CVE inquiries
Filter and sort usage rates
Improved findability of security information across web properties

Future Opportunities:

Cross-link advisories from product and support pages
Expand hub functionality into a searchable security database by product

Lessons Learned

Even small usability gaps (like Command+F dependency) can have major operational costs.

When it comes to security, every second counts. Customer concerned with whether or not the products they use on a daily basis are affected don’t have time to wait. Each second they are affect could be money lost. And because of that, users wanted answers quickly which resulted in our support teams getting and influx of inquiries which could have been solved with a comprehensive space for all advisories notifications. This update should result a reduction of support tickets and reports on 3rd party advisories.

Transparency isn’t just about access to data—it’s about context and clarity in how that data is presented.

A disjointed experience also can affect users getting back to normal as soon as possible. This new experience house all information in one space and allows uses to self select to get their answers quickly.